from hardwarecheckout import app
from hardwarecheckout import socketio
from hardwarecheckout.models import db
from hardwarecheckout.config import EMAIL_SUBJECT
from hardwarecheckout.models.request import Request, RequestStatus
from hardwarecheckout.models.inventory_entry import InventoryEntry
from hardwarecheckout.models.inventory_entry import ItemType
from hardwarecheckout.models.user import User
from hardwarecheckout.models.item import Item
from hardwarecheckout.models.request_item import RequestItem
from hardwarecheckout.models.socket import Socket
from hardwarecheckout.utils import requires_auth, requires_admin, verify_token
from sqlalchemy import event
from flask import (
send_from_directory,
request,
redirect,
render_template,
jsonify
)
@app.route('/request')
@requires_admin()
def get_requests():
    """Render the admin dashboard (``pages/admin.html``).

    The template receives:
      * submitted_requests -- SUBMITTED requests that do not require a lottery
      * approved_requests  -- every APPROVED request
      * lottery_items      -- inventory entries whose type is LOTTERY
      * RequestStatus      -- the status enum, for comparisons in the template
      * user               -- the requesting user
    """
    pending = Request.query.filter_by(
        requires_lottery=False,
        status=RequestStatus.SUBMITTED,
    ).all()
    approved = Request.query.filter_by(status=RequestStatus.APPROVED).all()
    lottery_entries = InventoryEntry.query.filter_by(
        item_type=ItemType.LOTTERY,
    ).all()

    return render_template(
        'pages/admin.html',
        submitted_requests=pending,
        approved_requests=approved,
        RequestStatus=RequestStatus,
        lottery_items=lottery_entries,
        # NOTE(review): `user` is not defined in this module; presumably the
        # requires_admin decorator makes it available -- confirm.
        user=user,
    )
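@app.route('/request/submit', methods=['POST'])
@requires_auth()
def request_submit():
    """Create one Request per requested unit of an inventory entry.

    Form fields read from the POST body:
      * item_id  -- id of the InventoryEntry being requested (required)
      * quantity -- number of units, defaults to 1 (forced to 1 for lottery
                    entries)
      * proposal -- free text, truncated to LOTTERY_CHAR_LIMIT when that
                    setting is truthy

    Returns a JSON body with ``success`` and, on failure, a ``message``.

    NOTE(review): `user` is not defined in this module; presumably the
    requires_auth decorator makes it available -- confirm.
    """
    if not (user.location and user.phone):
        return jsonify(
            success=False,
            message=("Please fill out your <a href='/user'>user info</a> before\n"
                     "requesting items!")
        )

    proposal = request.form.get('proposal', '')

    # `quantity` comes straight from the client. A non-numeric value used to
    # raise ValueError (an unhandled 500), and zero or a negative number used
    # to skip the creation loop yet still report success.
    try:
        requested_quantity = int(request.form.get('quantity', 1))
    except (TypeError, ValueError):
        return jsonify(
            success=False,
            message='Quantity must be a whole number!'
        )
    if requested_quantity < 1:
        return jsonify(
            success=False,
            message='Quantity must be at least 1!'
        )

    char_limit = app.config['LOTTERY_CHAR_LIMIT']
    if char_limit:
        # Slicing is a no-op when the proposal is already short enough.
        proposal = proposal[:char_limit]

    entry = InventoryEntry.query.get(request.form['item_id'])
    if not entry:
        return jsonify(
            success=False,
            message='No item with this id!'
        )

    if entry.item_type == ItemType.LOTTERY:
        if len(proposal) == 0 and app.config['LOTTERY_REQUIRES_PROPOSAL']:
            return jsonify(
                success=False,
                message='Proposal required!'
            )

        if not app.config['LOTTERY_MULTIPLE_SUBMISSIONS']:
            # Requests by this user for this entry that are neither
            # cancelled nor fulfilled.
            request_count = Request.query.filter(
                (Request.user_id == user.id)
                & ((Request.status != RequestStatus.CANCELLED)
                   & (Request.status != RequestStatus.FULFILLED))
            ).join(InventoryEntry.requests
            ).filter(InventoryEntry.id == entry.id).count()

            # Units of this entry the user currently holds.
            item_posession_count = InventoryEntry.query.filter_by(id=entry.id) \
                .join(Item).filter(Item.user_id == user.id).count()

            # can only enter lottery if you don't have a pending or denied
            # request and you don't currently have the item checked out
            if request_count > 0 or item_posession_count > 0:
                return jsonify(
                    success=False,
                    message='You\'ve already entered this lottery!'
                )

        # Lottery entries can only be requested one at a time.
        # NOTE(review): the page lost the original indentation; this
        # assignment is placed at lottery-branch level -- confirm.
        requested_quantity = 1

    if entry.quantity < requested_quantity:
        if not app.config['ENABLE_WAITLIST']:
            return jsonify(
                success=False,
                message='Out of stock!'
            )
        # NOTE(review): with the waitlist enabled, the requested quantity is
        # not bounded by stock, so a single POST creates as many rows as the
        # client asks for. Consider a per-request upper bound.

    for _ in range(requested_quantity):
        # `entry` was loaded from the same item_id above; reuse it instead
        # of querying again on every iteration.
        item = RequestItem(entry, 1)
        r = Request(
            [item],
            user.id,
            proposal)
        db.session.add(item)
        db.session.add(r)
    db.session.commit()

    return jsonify(
        success=True,
    )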
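@app.route('/request/<int:id>/cancel', methods=['POST'])
@requires_auth()
def request_cancel(id):
    """Cancel a request and return a JSON status.

    Admins may cancel any request; other users may only cancel their own.
    Responds with 404 when no request has this id and 403 when the caller
    is neither an admin nor the request's owner.

    id -- id of request

    NOTE(review): `user` is not defined in this module; presumably the
    requires_auth decorator makes it available -- confirm.
    """
    r = Request.query.get(id)
    if r is None:
        # Previously an unknown id raised AttributeError (an unhandled 500).
        return jsonify(
            success=False,
            message='No request with this id!'
        ), 404

    if not (user.is_admin or r.user_id == user.id):
        return jsonify(
            success=False,
            message="Forbidden"
        ), 403

    # NOTE(review): the current status is not checked before overwriting it.
    # request_submit ignores CANCELLED requests when enforcing one lottery
    # entry per user, so an owner who cancels a DENIED request is no longer
    # blocked by that check. Consider limiting owner cancellation to
    # requests that are still open.
    r.status = RequestStatus.CANCELLED
    db.session.commit()
    return jsonify(
        success=True,
    )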
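def request_update(id, status):
    """Set the status of a request and commit the change.

    id -- id of request
    status -- new status

    Returns True if the request exists and was updated, otherwise False.
    """
    r = Request.query.get(id)
    if r is None:
        # The documented contract promises False on failure; previously an
        # unknown id raised AttributeError on the assignment below.
        return False
    r.status = status
    db.session.commit()
    return True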
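@app.route('/request/<int:id>/approve', methods=['POST'])
@requires_admin()
def request_approve(id):
    """Approve a request and return a JSON status.

    Every item of the request is checked against the available quantity of
    its inventory entry; the first shortfall aborts with 'Out of stock!'
    and leaves the request unchanged. Responds with 404 when no request
    has this id.

    id -- id of request
    """
    r = Request.query.get(id)
    if r is None:
        # Previously an unknown id raised AttributeError (an unhandled 500).
        return jsonify(
            success=False,
            message='No request with this id!'
        ), 404

    for request_item in r.items:
        # The stock comparison does not change between iterations, so it is
        # evaluated once per item rather than once per requested unit.
        # NOTE(review): several items that point at the same entry are
        # checked independently, not as a combined total.
        if request_item.entry.quantity < request_item.quantity:
            return jsonify(
                success=False,
                message='Out of stock!'
            )

    request_update(id, RequestStatus.APPROVED)
    return jsonify(
        success=True,
    )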
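@app.route('/request/<int:id>/fulfill', methods=['POST'])
@requires_admin()
def request_fulfill(id):
    """Hand out the items of a request and mark it FULFILLED.

    Form field ``collected_id`` must be the string 'true' or 'false'. When
    the request requires an ID and one was collected, the user is flagged
    as having left their ID. Responds with 404 when no request has this id.

    id -- id of request
    """
    r = Request.query.get(id)
    if r is None:
        # Previously an unknown id raised AttributeError (an unhandled 500).
        return jsonify(
            success=False,
            message='No request with this id!'
        ), 404

    # Accept only the two literal strings; anything else is rejected.
    collected_id = {'true': True, 'false': False}.get(
        request.form['collected_id'])
    if collected_id is None:
        return jsonify(
            success=False,
            message="collected_id must be a boolean"
        )

    if r.requires_id and collected_id:
        r.user.have_their_id = True

    for request_item in r.items:
        entry = request_item.entry
        quantity = request_item.quantity

        # Hand over one unassigned item of the right type per requested unit.
        for _ in range(quantity):
            item = Item.query.filter_by(entry_id=entry.id, user=None).first()
            if item is None:
                # Discard the ID flag and any items already attached in this
                # call so a partial hand-out is never committed later
                # through the same session.
                db.session.rollback()
                return jsonify(
                    success=False,
                    message='Out of stock!'
                )

            # give user item
            r.user.items.append(item)

    # update request status
    request_update(id, RequestStatus.FULFILLED)

    # commit changes to DB
    db.session.commit()

    return jsonify(
        success=True,
    )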
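@app.route('/request/<int:id>/deny', methods=['POST'])
@requires_admin()
def request_deny(id):
    """Deny a request and return a JSON status.

    Responds with 404 when no request has this id.

    id -- id of request
    """
    if Request.query.get(id) is None:
        # Report a missing request explicitly instead of failing inside
        # request_update or reporting success for a request that does not
        # exist.
        return jsonify(
            success=False,
            message='No request with this id!'
        ), 404

    request_update(id, RequestStatus.DENIED)
    return jsonify(
        success=True,
    )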
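@socketio.on('connect', namespace='/admin')
def authenticate_admin_conection():
    """Connect callback for the /admin namespace.

    Reads the ``jwt`` cookie sent with the connection request, resolves it
    to a user via verify_token and returns True only when that user exists
    and is an admin. Returns False in every other case.
    """
    if 'jwt' not in request.cookies:
        return False

    quill_id = verify_token(request.cookies['jwt'])
    if not quill_id:
        return False

    user = User.query.filter_by(quill_id=quill_id).first()
    # Identity comparison is the idiomatic None test and cannot be affected
    # by an overridden __eq__ on the model.
    if user is None or not user.is_admin:
        return False

    # NOTE(review): the connection is authenticated by a cookie alone;
    # confirm that the Socket.IO server also restricts allowed origins.
    return True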
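@socketio.on('connect', namespace='/user')
def authenticate_user_conection():
    """Connect callback for the /user namespace.

    Reads the ``jwt`` cookie sent with the connection request and resolves
    it to a user via verify_token. On success a Socket row linking
    ``request.sid`` to that user is stored and True is returned; otherwise
    False is returned and nothing is stored.
    """
    if 'jwt' not in request.cookies:
        return False

    quill_id = verify_token(request.cookies['jwt'])
    if not quill_id:
        return False

    user = User.query.filter_by(quill_id=quill_id).first()
    # Identity comparison is the idiomatic None test and cannot be affected
    # by an overridden __eq__ on the model.
    if user is None:
        return False

    # Record which session id belongs to this user; request_change_handler
    # looks these rows up to address per-user updates.
    socket = Socket(request.sid, user)
    db.session.add(socket)
    db.session.commit()
    return True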
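@socketio.on('disconnect', namespace='/user')
def user_disconnect():
    """Delete the Socket row of a /user client when it disconnects."""
    socket = Socket.query.get(request.sid)
    if socket is None:
        # No row exists for this session id; passing None to
        # session.delete() would raise, so there is nothing to clean up.
        return
    db.session.delete(socket)
    db.session.commit()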
def on_request_insert(mapper, connection, target):
    """Mapper-event callback: push updates for the request owning `target`.

    `target` is the newly inserted object; its ``request`` attribute is
    forwarded to request_change_handler. `mapper` and `connection` are
    unused.
    """
    parent_request = target.request
    request_change_handler(parent_request)
def on_request_update(mapper, connection, target):
    """Mapper-event callback: push updates for a modified request.

    `target` is the modified request and is forwarded unchanged to
    request_change_handler. `mapper` and `connection` are unused.
    """
    changed_request = target
    request_change_handler(changed_request)
def request_change_handler(target):
    """Push freshly rendered request lists to connected clients.

    The owner of `target` receives their own APPROVED, SUBMITTED and DENIED
    requests on each of their /user sockets, addressed by session id. The
    /admin namespace receives the approved list, the submitted non-lottery
    list and the per-entry lottery quantities.
    """
    macro = 'includes/macros/display_requests.html'

    # --- per-user update ---
    owner = target.user
    owner_sockets = Socket.query.filter_by(user=owner).all()
    visible_statuses = [
        RequestStatus.APPROVED,
        RequestStatus.SUBMITTED,
        RequestStatus.DENIED,
    ]
    owner_requests = Request.query.filter(
        Request.user == owner,
        Request.status.in_(visible_statuses),
    ).all()
    requests_html = render_template(
        macro,
        requests=owner_requests,
        RequestStatus=RequestStatus,
        admin=False,
        time=False,
    )
    for owner_socket in owner_sockets:
        # room=<sid> addresses the update to that single connection.
        socketio.emit(
            'update',
            {'requests': requests_html},
            namespace='/user',
            room=owner_socket.sid,
        )

    # --- admin update ---
    # TODO: add check if at least one admin is connected
    approved_html = render_template(
        macro,
        # every request that is already approved
        requests=Request.query.filter_by(status=RequestStatus.APPROVED).all(),
        RequestStatus=RequestStatus,
        admin=True,
        time=True,
    )
    submitted_html = render_template(
        macro,
        # submitted requests that do not require a lottery
        requests=Request.query.filter_by(
            requires_lottery=False,
            status=RequestStatus.SUBMITTED,
        ).all(),
        RequestStatus=RequestStatus,
        admin=True,
        time=True,
    )

    lottery_entries = InventoryEntry.query.filter_by(
        item_type=ItemType.LOTTERY,
    ).all()
    lottery_quantities = [
        {
            "id": lottery_entry.id,
            "available": lottery_entry.quantity,
            "submitted": lottery_entry.submitted_request_quantity,
        }
        for lottery_entry in lottery_entries
    ]

    # No room is given: the event goes to the whole /admin namespace.
    admin_payload = {
        'approved_requests': approved_html,
        'submitted_requests': submitted_html,
        'lottery_quantities': lottery_quantities,
    }
    socketio.emit('update', admin_payload, namespace='/admin')
# Register the mapper-event listeners that push live updates to clients.
# A modified Request row triggers on_request_update.
event.listen(Request, 'after_update', on_request_update)
# A newly inserted RequestItem row triggers on_request_insert.
event.listen(RequestItem, 'after_insert', on_request_insert)